Check Point Research were able to gain access using a phone line to send a fax that could take full control over a Hewlett Packard all-in-one printer, and later spread a payload inside the computer network accessible to the printer.

What Is Xerox Doing About This?

Xerox completed assessment to Xerox products.

As a reminder, our Common Criteria Certified MFDs certify our design, which separates the fax processing and the network interface thereby preventing an interconnection between the Public Switch Telephone Network and the Internal Network.

Impact

Assessments indicate:

Xerox Devices built on Xerox ConnectKey Technology are not affected by the fax exploit

Production products are not affected as they do not have FAX capability

Light production products that do have a fax optional kit are not affected by the fax exploit

All Product platforms not mentioned here are not affected

What Should You Do?

Although assessed Xerox products are not affected, some best practices are:

If FAX functionality is not needed, you may choose to disable this function. If FAX functionality is needed, segmentation of your network will minimize these types of attacks.

As always, consult your IT department’s practices.

Security Solutions for Documents and Printing

Security is critical to every business, and we take it seriously at Xerox.